As cliché as it may sound, security is done in layers and so, using our generic rules, we were able to provide 0-day protection against the recent Internet Explorer 0-day CVE-2012-4792 with our Secure Web Gateway (SWG). You can read more in our previous posts:
exploit analysis and payload analysis.
With today’s release of Security Update 141 for SWG, we are adding a detection rule specific to CVE-2012-4792, named “Internet Explorer CDwnBindInfo Object use-after-free vulnerability”. This rule provides another layer of defense against exploits of this vulnerability.
TURKTRUST Inc., a trusted CA, incorrectly created two subsidiary certificates, one of which was later used to generate a fraudulent digital certificate for Google. That certificate was then used in an active attack. As a result, SU141 removes SWG trust of the following certificates:
- *.google.com issued by
issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
- *.EGO.GOV.TR issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
For further information, see Microsoft’s Security Advisory 2798897.
Security Update 141 comes with some more goodies; see the release notes for further information.